The framework and intention of certificate policies are described in RFC 3647, which also describes Certification Practice Statements (CPS).
According to the RFC, policies may be marked as critical or non-critical. This distinction exists largely to limit the liability of the CA. A certificate should be used only for the purposes designated by the policies marked as critical. That is, if a critical certificate policy designates a certificate for use in digitally signing electronic communication, it should not be used for encryption. If it is nevertheless used for encryption and the confidentiality of the encrypted data is compromised, the CA's liability is limited.
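As an added example (not from the page or from RFC 3647 itself), the following decodes the DER encoding of a certificatePolicies extension, reads the critical flag the text refers to, and applies the usage rule above as a simple relying-party check; it is not full RFC 5280 path validation, and the policy OIDs 1.2.3.4.5 and 1.2.3.4.6 are constructed placeholders.

```python
# Added example: decode an X.509 certificatePolicies extension (OID 2.5.29.32) from DER
# and apply the usage rule described above. A tiny DER reader keeps it self-contained.
CERT_POLICIES_OID = "2.5.29.32"

def _tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos (short or long length form)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits give the length-of-length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    """Decode OID content octets to dotted form (first octet packs the first two arcs)."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                        # base-128 arcs, high bit set on continuation bytes
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_policies_extension(ext_der):
    """Extension ::= SEQUENCE { extnID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }."""
    _, body, _ = _tlv(ext_der, 0)
    tag, oid, pos = _tlv(body, 0)
    if tag != 0x06 or _decode_oid(oid) != CERT_POLICIES_OID:
        raise ValueError("not a certificatePolicies extension")
    critical = False
    tag, val, pos = _tlv(body, pos)
    if tag == 0x01:                          # BOOLEAN is only present when TRUE (DER omits defaults)
        critical = val == b"\xff"
        tag, val, pos = _tlv(body, pos)
    if tag != 0x04:
        raise ValueError("missing extnValue")
    _, seq, _ = _tlv(val, 0)                 # certificatePolicies ::= SEQUENCE OF PolicyInformation
    policies, p = [], 0
    while p < len(seq):
        _, info, p = _tlv(seq, p)            # PolicyInformation ::= SEQUENCE { policyIdentifier, ... }
        policies.append(_decode_oid(_tlv(info, 0)[1]))
    return critical, policies                # (critical flag, list of policy OIDs)

def use_permitted(ext_der, required_policy):
    """Rule from the text: a critical extension limits use to the listed policies; non-critical is advisory."""
    critical, policies = parse_policies_extension(ext_der)
    return required_policy in policies or not critical

# Constructed sample: critical certificatePolicies with two policy OIDs, and the same one non-critical.
CRITICAL_EXT = bytes.fromhex("301c 0603551d20 0101ff 0412 3010 30060604 2a030405 30060604 2a030406")
NONCRITICAL_EXT = b"\x30\x19" + CRITICAL_EXT[2:7] + CRITICAL_EXT[10:]   # BOOLEAN dropped, length 25
```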